CVE-2026-7458

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "userverificationformwrapprocessotpLogin" function. This makes it...

CVE-2026-7458

The CVE-2026-7458 entry concerns the WordPress plugin “User Verification by PickPlugins” with authentication bypass in all versions up to 2.0.46. The root cause is a loose PHP comparison operator used to validate OTP codes in user_verification_form_wrap_process_otpLogin, enabling unauthenticated ...

EUVD-2026-26737

The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "userverificationformwrapprocessotpLogin" function. This makes it...

WordPress plugin User Verification by PickPlugins 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-12374

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generate...

CVE-2025-12374

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generate...

CVE-2025-12374 Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.39 - Authentication Bypass to Account Takeover

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generate...

EUVD-2025-201358

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generate...

CVE-2025-12374 Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification <= 2.0.44 - Authentication Bypass to Account Takeover

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generate...

PT-2025-49228

Name of the Vulnerable Software and Affected Versions Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress versions up to and including 2.0.39 Description The plugin does not properly validate that an One-Time Passwo...

GitLab 0.0 < 15.5.7 / 15.6 < 15.6.4 / 15.7 < 15.7.2 (CVE-2022-4037)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can le...

Shopify: Takeover an account that doesn't have a Shopify ID and more

Details The https://pos-channel.shopifycloud.com/graphql-proxy/admin can be exploited to update a staff member email without any email confirmation. Using the partner dashboard, we've the ability to create a store that doesn't have a Shopify ID account on https://accounts.shopify.com. By using...

Mozilla Releases BrowserID Web Authentication System

Mozilla has released a new browser-based federated login mechanism called BrowserID that is designed to replace the login process on Web sites that requires users to supply an email and password. The experimental system relies on the Verified Email protocol and also works on other browsers,...